Mercurial > p > roundup > code
annotate doc/announcement.txt @ 4347:0e33bf5571dc
make some more memorydb tests pass
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 05 Feb 2010 05:10:52 +0000 |
| parents | 4ce71b5480a8 |
| children | e2be38b52d4d |
| rev | line source |
|---|---|
|
4308
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
1 I'm proud to release version 1.4.11 of Roundup which fixes a number bugs |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
2 and closes a potential security hole. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
3 |
|
4309
4ce71b5480a8
release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4308
diff
changeset
|
4 ALL tracker maintainers MUST read the upgrading documentation to make sure |
|
4308
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
5 the hole is fixed in their tracker. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
6 |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
7 Other changes in this release: |
|
4117
4d1fa6e1fe8c
release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4110
diff
changeset
|
8 |
|
4308
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
9 - Generic class editor may now restore retired items (thanks Ralf Hemmecke) |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
10 - Fix security hole allowing user permission escalation (thanks Ralf |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
11 Schlatterbeck) |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
12 - More SSL fixes. SSL wants the underlying socket non-blocking. So we |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
13 don't call socket.setdefaulttimeout in case of SSL. This apparently |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
14 never raises a WantReadError from SSL. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
15 This also fixes a case where a WantReadError is raised and apparently |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
16 the bytes already read are dropped (seems the WantReadError is really |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
17 an error, not just an indication to retry). |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
18 - Correct initial- and end-handshakes for SSL |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
19 - Update FAQ to mention infinite redirects with pathological settings of |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
20 the tracker->web variable. Closes issue2537286, thanks to "stuidge" |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
21 for reporting. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
22 - Fix some format errors in italian translation file |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
23 - Some bugs issue classifiers were causing database lookup errors |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
24 - Fix security-problem: If user hasn't permission on a message (notably |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
25 files and content properties) and is on the nosy list, the content was |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
26 sent via email. We now check that user has permission on the message |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
27 content and files properties. Thanks to Intevation for funding this |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
28 fix. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
29 - Fix traceback on .../msgN/ url, this requests the file content and for |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
30 apache mod_wsgi produced a traceback because the mime type is None for |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
31 messages, fixes issue2550586, thanks to Thomas Arendsen Hein for |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
32 reporting and to Intevation for funding the fix. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
33 - Handle OPTIONS http request method in wsgi handler, fixes issue2550587. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
34 Thanks to Thomas Arendsen Hein for reporting and to Intevation for |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
35 funding the fix. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
36 - Add documentation for migrating to the Register permission and |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
37 fix mailgw to use Register permission, fixes issue2550599 |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
38 - Fix styling of calendar to make it more usable, fixes issue2550608 |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
39 - Fix typo in email section of user guide, fixes issue2550607 |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
40 - Fix WSGI response code (thanks Peter Pöml) |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
41 - Fix linking of an existing item to a newly created item, e.g. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
42 edit action in web template is name="issue-1@link@msg" value="msg1" |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
43 would trigger a traceback about an unbound variable. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
44 Add new regression test for this case. May be related to (now closed) |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
45 issue1177477. Thanks to Intevation for funding the fix. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
46 - Clean up all the places where role processing occurs. This is now in a |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
47 central place in hyperdb.Class and is used consistently throughout. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
48 This also means now a template can override the way role processing |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
49 occurs (e.g. for elaborate permission schemes). Thanks to intevation |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
50 for funding the change. |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
51 - Fix issue2550606 (german translation bug) "an hour" is only used in |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
52 the context "in an hour" or "an hour ago" which translates to german |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
53 "in einer Stunde" or "vor einer Stunde". So "an hour" is translated |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
54 "einer Stunde" (which sounds wrong at first). Also note that date.py |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
55 already has a comment saying "XXX this is internationally broken" -- |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
56 but at least there's a workaround for german :-) Thanks to Chris |
|
b30bdfae4461
Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents:
4270
diff
changeset
|
57 (radioking) for reporting. |
|
3722
41feeed84caa
*** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
3721
diff
changeset
|
58 |
|
2253
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
59 If you're upgrading from an older version of Roundup you *must* follow |
|
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
60 the "Software Upgrade" guidelines given in the maintenance documentation. |
|
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
61 |
|
4226
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
62 Roundup requires python 2.3 or later (but not 3+) for correct operation. |
|
1291
bf8b2380adb3
added CGI :remove:<propname> and :add:<propname>...
Richard Jones <richard@users.sourceforge.net>
parents:
1286
diff
changeset
|
63 |
|
1780
d2801a2b0a77
Initial implementation (half-baked) at new Tracker instance.
Richard Jones <richard@users.sourceforge.net>
parents:
1744
diff
changeset
|
64 To give Roundup a try, just download (see below), unpack and run:: |
|
d2801a2b0a77
Initial implementation (half-baked) at new Tracker instance.
Richard Jones <richard@users.sourceforge.net>
parents:
1744
diff
changeset
|
65 |
| 3647 | 66 roundup-demo |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
67 |
|
3537
d819ff1b3116
*** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
3536
diff
changeset
|
68 Release info and download page: |
| 3539 | 69 http://cheeseshop.python.org/pypi/roundup |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
70 Source and documentation is available at the website: |
|
320
61c42790c3f1
Bugfix in filter "widget" placement, thanks Roch'e
Richard Jones <richard@users.sourceforge.net>
parents:
316
diff
changeset
|
71 http://roundup.sourceforge.net/ |
|
286
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
72 Mailing lists - the place to ask questions: |
|
320
61c42790c3f1
Bugfix in filter "widget" placement, thanks Roch'e
Richard Jones <richard@users.sourceforge.net>
parents:
316
diff
changeset
|
73 http://sourceforge.net/mail/?group_id=31577 |
|
286
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
74 |
|
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
75 |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
76 About Roundup |
|
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
77 ============= |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
78 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
79 Roundup is a simple-to-use and -install issue-tracking system with |
|
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
80 command-line, web and e-mail interfaces. It is based on the winning design |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
81 from Ka-Ping Yee in the Software Carpentry "Track" design competition. |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
82 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
83 Note: Ping is not responsible for this project. The contact for this |
|
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
84 project is richard@users.sourceforge.net. |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
85 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
86 Roundup manages a number of issues (with flexible properties such as |
|
659
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
87 "description", "priority", and so on) and provides the ability to: |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
88 |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
89 (a) submit new issues, |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
90 (b) find and edit existing issues, and |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
91 (c) discuss issues with other participants. |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
92 |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
93 The system will facilitate communication among the participants by managing |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
94 discussions and notifying interested parties when issues are edited. One of |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
95 the major design goals for Roundup that it be simple to get going. Roundup |
|
4226
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
96 is therefore usable "out of the box" with any python 2.3+ (but not 3+) |
|
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
97 installation. It doesn't even need to be "installed" to be operational, |
|
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
98 though an install script is provided. |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
99 |
|
1102
d94bd5369456
first cut at 0.5 announcement
Richard Jones <richard@users.sourceforge.net>
parents:
797
diff
changeset
|
100 It comes with two issue tracker templates (a classic bug/feature tracker and |
| 3943 | 101 a minimal skeleton) and four database back-ends (anydbm, sqlite, mysql |
| 102 and postgresql). | |
|
1102
d94bd5369456
first cut at 0.5 announcement
Richard Jones <richard@users.sourceforge.net>
parents:
797
diff
changeset
|
103 |
